Q-recon

From my short experience as a vulnerability broker I can say a lot of good things about the community and the offensive security companies that I worked with I love you all and I hope you will continue to make this community awesome as it is today I will stay available via email

Hi, I'm sorry to say that Im going to close Q-recon in the end of the year. Unfortunately, a bigger player is forcing me to close the company and I can't do anything about it. I will no longer deal with vulnerabilities / refer researchers to offensive security companies.

There are a lot of companies that are interested in iMassage RCE. Got one? DM me and you won't be disappointed

One of my clients asked for Android LPE and Office. If you are interested to sell - please DM me =)

Looking for a job in offensive security company? Freelancers and full time (remote / relocation)? Drop me an email!

We expand the Scope! Routers + Browsers UXSS / SOP bypass

2) Usually, the client has 2 weeks to validate the vulnerabilities. If they have questions / something doesn't work as planned - they can ask to extend this period by another week (for a total of 21 days in the worst case scenario)

1) There is no such thing as "payment in advance". The client (government) has the right to validate the vulnerability before the payment.

Payouts for example: PE iOS - up to 500K USD (if statsic - need to more than 90% success rate) PE Windows 10 RS4 - up to 500K USD (code execution in kernel context) PE Android - up to 600K USD (Vanila / Google stock)

Remote code execution / privilege escalation / sandbox escape / Infoleak etc.

Scope Operating systems: Windows / Linux / OSX Mobile: iOS / Android Web Browsers: ToR / Chrome / Safari / Edge / FireFox Virtualization: VMWare / Virtual Box Others: air-gap / Windows DC / Hypervisors / WiFi chip and more!

Hi all, I hope that in the next few weeks we will have a brand new logo and website. Until then, I will publish here the scope / payouts / process.